Debian: 2907-1: Security Summary: Summary
Posted by Benjamin D. Thomas   
Debian Security Report Summary
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2907-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
April 16, 2014                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

This is an advance notice that regular security support for Debian
GNU/Linux 6.0  (code name "squeeze") will be terminated on the 31st of
May.

However, we're happy to announce that security support for squeeze is
going to be extended until February 2016, i.e. five years after the 
initial release. This effort is driven by various interested parties /
companies which require longer security support. See the "LTS" section 
of https://lists.debian.org/debian-devel-announce/2014/03/msg00004.html
for the initial announcement.

The details are currently being sorted out and a more detailed 
announcement will be made soon.

Brief advance FAQ (but you should really wait for the more detailed 
announcement):

Q: What's the difference between regular security support and the LTS 
   support?
A: squeeze-lts is only going to support i386 and amd64. If you're
   running a different architecture you need to upgrade to Debian 7 
   (wheezy). Also there are going to be a few packages which will not
   be supported in squeeze-lts (e.g. a few web-based applications
   which cannot be supported for five years). There will be a tool to 
   detect such unsupported packages.

Q: Does this mean that Debian 7 (wheezy) and/or Debian 8 (jessie) will 
   have five years security support as well?
A: Likely, we'll see how squeeze-lts turns out. If there's sufficient 
   support it will be continued for later releases as well. Also, see 
   below.

Q: Is additional help needed?
A: Absolutely. squeeze-lts is not handled by the Debian security team, 
   but by a separate group of volunteers and companies interested in 
   making it a success (with some overlap in people involved). So, if
   you're a company using Debian and seeing a benefit in security 
   support for five years, get in touch with team@security.debian.org
   and we'll see how you can help (if you e.g. don't have the manpower /
   know how but are willing to contribute, we can point you to a list
   of Debian consultants)

Mailing list: debian-security-announce@lists.debian.org


-----BEGIN PGP SIGNATURE-----